Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for apache-airflow for https://github.com/apache/airflow Clear Filters

Low
11 months ago

Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data GSA_kwCzR0hTQS1qODU3LTJwd20tamptbc4ABBF-

pypi apache-airflow
High
about 1 year ago

Apache Airflow vulnerable to Improper Encoding or Escaping of Output GSA_kwCzR0hTQS1jMzkyLXdocGMtdmZwcs4AA_Wx

pypi apache-airflow
High
about 1 year ago

Apache Airflow vulnerable to Execution with Unnecessary Privileges GSA_kwCzR0hTQS05MnhnLWdtcnEtNWMzd84AA_W0

pypi apache-airflow
Moderate
about 1 year ago

Apache Airflow Cross-site Scripting Vulnerability GSA_kwCzR0hTQS13N2NwLWc4djctcjU0bc4AA-2D

pypi apache-airflow
High
about 1 year ago

Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler GSA_kwCzR0hTQS1nNWh2LXI3NDMtdjhwbc4AA9-F

pypi apache-airflow
Moderate
about 1 year ago

Apache Airflow Potential Cross-site Scripting Vulnerability GSA_kwCzR0hTQS1qNDgyLTQ3eGYtcDI1Y84AA9-G

pypi apache-airflow
Low
over 1 year ago

Apache Airflow does not return the "Cache-Control" header for dynamic content GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow: XSS vulnerability in Task Instance Log/Log Details GSA_kwCzR0hTQS01MmdtLXFtZzMtcjRxcM4AA8CD

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow Improper Preservation of Permissions vulnerability GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow: Ignored Airflow Permission GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow: DAG Code and Import Error Permissions Ignored GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK

pypi apache-airflow
High
over 1 year ago

Apache Airflow: Bypass permission verification to read code of other dags GSA_kwCzR0hTQS12bTVtLXFtcngtZnc4d84AA4qc

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service GSA_kwCzR0hTQS1tZzJ4LW1nZ2otNjk1Nc4AA4qb

pypi apache-airflow-providers-cncf-kubernetes, apache-airflow
High
over 1 year ago

Apache Airflow: pickle deserialization vulnerability in XComs GSA_kwCzR0hTQS1jM2M2LWYyd3cteGZyMs4AA4qZ

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow Improper Access Control vulnerability GSA_kwCzR0hTQS01OTM4LTc5aGcteGgzcc4AA39c

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow Cross-Site Request Forgery vulnerability GSA_kwCzR0hTQS02bTlyLTd3cngteG1yNs4AA39d

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow has a stored cross-site scripting vulnerability GSA_kwCzR0hTQS1weGNoLXdyN20tcnd4as4AA39U

pypi apache-airflow
Moderate
over 1 year ago

Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere GSA_kwCzR0hTQS04ZjU3LXdjbWctNGptaM4AA39V

pypi apache-airflow
High
almost 2 years ago

Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw

pypi apache-airflow
Moderate
almost 2 years ago

Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes GSA_kwCzR0hTQS1obTlyLTdmODQtMjVjOc4AA3Cv

pypi apache-airflow
High
almost 2 years ago

Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn

pypi apache-airflow, apache-airflow-providers-celery
Moderate
almost 2 years ago

Apache Airflow vulnerable to Exposure of Sensitive Information GSA_kwCzR0hTQS05cXFnLW1oN2MtY2hmcc4AA2oC

pypi apache-airflow
Moderate
almost 2 years ago

Apache Airflow vulnerable to privilege escalation GSA_kwCzR0hTQS1qM3c4LTJwMmgtbXJyOc4AA2ci

pypi apache-airflow
Moderate
almost 2 years ago

Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj

pypi apache-airflow
Moderate
almost 2 years ago

Apache Airflow vulnerable to sensitive information exposure GSA_kwCzR0hTQS0zMndyLXFxdzYtNW1mcM4AA2cg

pypi apache-airflow
Moderate
almost 2 years ago

Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs GSA_kwCzR0hTQS1jZ3gyLXJybXItang0M84AA2ch

pypi apache-airflow
High
about 2 years ago

Apache Airflow information exposure vulnerability GSA_kwCzR0hTQS1tanFoLXY1ZjItZzJtd84AA11j

pypi apache-airflow
Moderate
about 2 years ago

Apache Airflow Incorrect Authorization vulnerability GSA_kwCzR0hTQS13cGc4LW1mNmgtZ205Ms4AA11i

pypi apache-airflow
High
about 2 years ago

Apache Airflow Session Fixation vulnerability GSA_kwCzR0hTQS1wbTg3LTI0d3Etcjh3Oc4AA1eM

pypi apache-airflow
Moderate
about 2 years ago

Apache Airflow missing Certificate Validation GSA_kwCzR0hTQS01ZjM1LXBxMzQtYzg3cc4AA1eK

pypi apache-airflow, apache-airflow-providers-imap, apache-airflow-providers-smtp
High
about 2 years ago

Apache Airflow denial of service vulnerability GSA_kwCzR0hTQS14Mm1oLThmbWMtcnFnaM4AA1eL

pypi apache-airflow
High
about 2 years ago

Apache Airflow Execution with Unnecessary Privileges GSA_kwCzR0hTQS0yNjl4LXBnNWMtNXhnbc4AA1D-

pypi apache-airflow
High
about 2 years ago

Apache Airflow Path Traversal vulnerability GSA_kwCzR0hTQS1nZ3dyLTR2cjgtZzd3ds4AA0pO

pypi apache-airflow
High
about 2 years ago

Apache Airflow Incorrect Authorization vulnerability GSA_kwCzR0hTQS0yaDg0LTNjcnEtdmdmas4AA0pT

pypi apache-airflow
High
about 2 years ago

Apache Airflow Improper Input Validation vulnerability GSA_kwCzR0hTQS0zaDRtLW01NXYtZ3g0bc4AA0pL

pypi apache-airflow
High
about 2 years ago

Apache Airflow Improper Input Validation vulnerability GSA_kwCzR0hTQS01OTQ2LThwMzgtdmZmcM4AA0pU

pypi apache-airflow
High
about 2 years ago

Apache Airflow information disclosure vulnerability GSA_kwCzR0hTQS14dnc5LTNtaG0teGpxcc4AA0pJ

pypi apache-airflow
High
over 2 years ago

Apache Airflow vulnerable to exposure of sensitive information GSA_kwCzR0hTQS1tamZmLXd2ODUtaG1jas4AAz7T

pypi apache-airflow
Critical
over 2 years ago

Apache Airflow vulnerable to Privilege Context Switching Error GSA_kwCzR0hTQS1qY2htLWZtNHEtYzJmcM4AAzHG

pypi apache-airflow
Moderate
over 2 years ago

Apache Airflow vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS12Y2Y2LTN3djItNXZjcs4AAzHH

pypi apache-airflow
Moderate
over 2 years ago

Sensitive Information in Error Messages in Apache Airflow GSA_kwCzR0hTQS1oNmc1LXdxcXItM213M84AAyIE

pypi apache-airflow
Critical
over 2 years ago

Command Injection in Apache Airflow and Apache Airflow MySQL Provider GSA_kwCzR0hTQS1jNzMyLXh2djgtZzk0Y84AAxHL

pypi apache-airflow-providers-mysql, apache-airflow
Critical
almost 3 years ago

OS Command Injection in Apache Airflow GSA_kwCzR0hTQS1ybWYyLXB3ZnEtaDc1as4AAwAD

pypi apache-airflow
Critical
almost 3 years ago

OS Command Injection in Apache Airflow GSA_kwCzR0hTQS03d3FmLWgzNnctNDdtY84AAwAE

pypi apache-airflow
Moderate
almost 3 years ago

OS Command Injection in Apache Airflow GSA_kwCzR0hTQS00NXI2LWozY2MtNm14eM4AAwAC

pypi apache-airflow
Moderate
almost 3 years ago

Apache Airflow Contains Open Redirect GSA_kwCzR0hTQS1yZzk0LTg0eGotN2dxM84AAv3Z

pypi apache-airflow
High
almost 3 years ago

Apache Airflow subject to Exposure of Sensitive Information GSA_kwCzR0hTQS1mdncyLTJwZjctNzd2d84AAv2h

pypi apache-airflow
High
almost 3 years ago

Apache Airflow vulnerable to OS Command Injection via example DAGs GSA_kwCzR0hTQS02cHczLThoOXctMzJnY84AAv2i

pypi apache-airflow
Moderate
almost 3 years ago

Apache Airflow Cross-site Scripting vulnerability GSA_kwCzR0hTQS1oNjNyLTl4eGYtZjJjN84AAvr2

pypi apache-airflow
Moderate
almost 3 years ago

Apache Airflow Open Redirect vulnerability GSA_kwCzR0hTQS1mOWZxLTc4Y2gtNHdtas4AAvr3

pypi apache-airflow
High
almost 3 years ago

Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API GSA_kwCzR0hTQS0zcThyLWYzcGotM2djNM4AAvNL

pypi apache-airflow
High
almost 3 years ago

Apache Airflow vulnerable to Use of Externally-Controlled Format String GSA_kwCzR0hTQS01cnA0LTc0OXAtdngyNs4AAu_Y

pypi apache-airflow
Moderate
almost 3 years ago

Apache Airflow contains open redirect GSA_kwCzR0hTQS00Zmc1LWo0bW0td2ZwZ84AAu_X

pypi apache-airflow
Moderate
about 3 years ago

Apache Airflow exposes arbitrary file content GSA_kwCzR0hTQS1xOGg5LXBxY3gtNTlod84AAunZ

pypi apache-airflow
Critical
over 3 years ago

Missing Authentication for Critical Function in Apache Airflow GSA_kwCzR0hTQS1oODhmLXI3Y3ctOGZ2M84AAp4C

pypi apache-airflow
Moderate
over 3 years ago

Apache Airflow Reflected Cross-site Scripting vulnerability in 404 Endpoint GSA_kwCzR0hTQS1ydjI1LTl3Z2oteGc3Nc4AAWPs

pypi apache-airflow
Moderate
over 3 years ago

Apache Airflow Cross-site Scripting Vulnerability GSA_kwCzR0hTQS02NXh3LXBjcXctaGpyaM0vEA

pypi apache-airflow
Moderate
about 4 years ago

Missing Authorization in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02aDItang5di01OHc2

pypi apache-airflow
Moderate
over 4 years ago

Cross-site Scripting in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4eHYtcDc4ci00ZmM2

pypi apache-airflow
Moderate
over 4 years ago

Improper Authentication in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoMzctY3g4My1xNTQy

pypi apache-airflow
Moderate
over 4 years ago

Apache Airflow Cross-site Scripting MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwd3EtZmo4OS02cmpj

pypi apache-airflow
Critical
over 4 years ago

Authentication bypass in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoeDktcDY5di1jeDJq

pypi apache-airflow
High
over 4 years ago

Incorrect Session Validation in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdteDUteDM3Mi14aDg3

pypi apache-airflow
Moderate
over 4 years ago

Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944 MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2dnAteDNwci03OXJ4

pypi apache-airflow
High
over 4 years ago

Improper Access Control in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq

pypi apache-airflow
Moderate
almost 5 years ago

SSRF vulnerability in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM3AtZmN2bS14aDdj

pypi apache-airflow
Low
almost 5 years ago

Apache Airflow logs passwords in plaintext MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2Y3EtZ21jMy1xNm04

pypi apache-airflow
Critical
about 5 years ago

Insecure default config of Celery worker in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnMnctNWYzdi1tZm1t

pypi apache-airflow
Critical
about 5 years ago

Command injection via Celery broker in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3

pypi apache-airflow
High
about 5 years ago

Remote code execution (RCE) in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2bXEtNHg2Ni1xN2oz

pypi apache-airflow
Moderate
over 5 years ago

XSS in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqdmctcTU3di1tampj

pypi apache-airflow
Moderate
over 6 years ago

Apache Airflow vulnerable to Stored XSS MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwN3YtMmp2ai12NTRy

pypi apache-airflow
Moderate
over 6 years ago

Apache Airflow vulnerable to Stored XSS MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y3YtOGN2di02NjZj

pypi apache-airflow
High
over 6 years ago

Improper Certificate Validation in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cmMteDg0cS1wdjRm

pypi apache-airflow
High
over 6 years ago

Cross-Site Request Forgery (CSRF) in Apache Airflow MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d3YtcmpybS01NzZw

pypi apache-airflow
High
over 6 years ago

Improper Input Validation in Apache Airflow resulting in Remote Code Execution MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmZzQtajU2Mi1tanJj

pypi apache-airflow

Filter by Severity

Moderate 10,392 High 8,203 Critical 3,366 Low 1,511

Filter by Ecosystem

maven 6,905 packagist 5,425 pypi 4,951 npm 4,329 go 2,951 nuget 1,881 cargo 1,091 rubygems 928 hex 38 actions 37 swift 36 pub 10

Filter by Package

tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 418 magento/community-edition 302 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 242 typo3/cms 190 com.liferay.portal:release.portal.bom 142 org.apache.tomcat:tomcat 136 github.com/mattermost/mattermost/server/v8 129 com.liferay.portal:release.dxp.bom 125 pimcore/pimcore 120 dolibarr/dolibarr 116 typo3/cms-core 114 Django 108 phpmyadmin/phpmyadmin 107 drupal/core 103 microweber/microweber 103 magento/project-community-edition 102 silverstripe/framework 92 apache-airflow 85 librenms/librenms 83 drupal/drupal 83 thorsten/phpmyfaq 73 Plone 72 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 68 concrete5/concrete5 67 salt 65 ansible 63 actionpack 61 apache-superset 61 shopware/platform 58 org.apache.struts:struts2-core 57 github.com/grafana/grafana 56 mlflow 53 craftcms/cms 53 org.keycloak:keycloak-core 50 github.com/hashicorp/vault 49 org.apache.tomcat.embed:tomcat-embed-core 48 mautic/core 48 nova 48 baserproject/basercms 47 nokogiri 46 shopware/core 46 django 46 github.com/rancher/rancher 45 github.com/mattermost/mattermost-server/v6 45 vyper 44 gradio 44 github.com/mattermost/mattermost-server 43 org.xwiki.platform:xwiki-platform-oldcore 43 nilsteampassnet/teampass 42 rdiffweb 42 matrix-synapse 42 k8s.io/kubernetes 42 org.keycloak:keycloak-services 42 org.elasticsearch:elasticsearch 41 showdoc/showdoc 41 mantisbt/mantisbt 41 plone 41 froxlor/froxlor 40 intelliants/subrion 40 directus 39 picklescan 39 snipe/snipe-it 38 com.thoughtworks.xstream:xstream 37 net.mingsoft:ms-mcms 36 com.jfinal:jfinal 36 moin 35 io.undertow:undertow-core 35 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 34 github.com/answerdev/answer 34 gogs.io/gogs 33 parse-server 33 keystone 32 github.com/argoproj/argo-cd/v2 32 opencv-contrib-python 31 github.com/cilium/cilium 31 github.com/docker/docker 31 opencv-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 31 github.com/hashicorp/nomad 31 getgrav/grav 30 next 29 Pillow 29 contao/core-bundle 29 rack 29 github.com/hashicorp/consul 29 electron 29 pillow 28 mediawiki/core 28 org.apache.solr:solr-core 28 org.opencms:opencms-core 27 centreon/centreon 27 prestashop/prestashop 27 org.springframework.security:spring-security-core 27 openssl-src 26 github.com/traefik/traefik/v2 25 rubygems-update 25 vllm 25 pocketmine/pocketmine-mp 25 org.eclipse.jetty:jetty-server 25 open-webui 25 getkirby/cms 24 flowise 24 magento/core 24 org.keycloak:keycloak-parent 24 surrealdb 24 remdex/livehelperchat 23 org.apache.tomcat:tomcat-catalina 23 grumpydictator/firefly-iii 23 phpoffice/phpexcel 23 org.bouncycastle:bcprov-jdk15on 23 org.bouncycastle:bcprov-jdk14 23 pyload-ng 23 puppet 23 simplesamlphp/simplesamlphp 23 laravel/framework 23 zendframework/zendframework 23 tribalsystems/zenario 22 ckb 22 @openzeppelin/contracts-upgradeable 22 phpoffice/phpspreadsheet 22 contao/contao 22 DotNetNuke.Core 22 Microsoft.AspNetCore.App.Runtime.win-x86 22 Microsoft.AspNetCore.App.Runtime.win-x64 22 org.apache.openmeetings:openmeetings-parent 22 activerecord 22 @openzeppelin/contracts 21 org.apache.nifi:nifi 21 github.com/ethereum/go-ethereum 21 glance 21 github.com/goharbor/harbor 21 helm.sh/helm/v3 21 Microsoft.AspNetCore.App.Runtime.win-arm 21 langchain 20 golang.org/x/net 20 code.gitea.io/gitea 20 typo3/cms-backend 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 ethyca-fides 20 wasmtime 20 funadmin/funadmin 20 cockpit-hq/cockpit 20 org.apache.tomcat:tomcat-coyote 20 aim 20 org.xwiki.platform:xwiki-platform-web-templates 20 github.com/zitadel/zitadel 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 19 Microsoft.AspNetCore.App.Runtime.linux-x64 19 Microsoft.AspNetCore.App.Runtime.win-arm64 19 neutron 19 Microsoft.AspNetCore.App.Runtime.linux-arm 19 topthink/framework 19 deno 19 Microsoft.AspNetCore.App.Runtime.osx-x64 19 org.springframework:spring-core 18 org.apache.jspwiki:jspwiki-main 18 transformers 18 genix/cms 18 forkcms/forkcms 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 18 mindsdb 18 mercurial 18 com.vaadin:vaadin-bom 18 opencart/opencart 17 openmage/magento-lts 17 calibreweb 17 github.com/traefik/traefik/v3 17 symfony/security 17 francoisjacquet/rosariosis 17 org.apache.geode:geode-core 17 cryptography 17 notebook 17 OctoPrint 17 cakephp/cakephp 17 yetiforce/yetiforce-crm 17 org.apache.inlong:manager-pojo 17 github.com/openfga/openfga 17 ezsystems/ezpublish-kernel 17 paddlepaddle 16 phpbb/phpbb 16 org.apache.ranger:ranger 16 Microsoft.NetCore.App.Runtime.win-x86 16 org.bouncycastle:bcprov-jdk15 16 sequelize 16 ghost 16 Microsoft.NetCore.App.Runtime.win-arm 16 Microsoft.NetCore.App.Runtime.win-arm64 16 Microsoft.NetCore.App.Runtime.win-x64 16 org.apache.dubbo:dubbo 16 october/system 16

Filter by Repository

https://github.com/apache/airflow 78